This section shows a sample script for Nicman Vault SSO integration, using the method described above.
Call the CMC SSO Secure Login API: Python Example
Below is a sample Python script that outputs a Vault SSO secure login URL for use with the one-way hash method of having the CMC create a cookie. The script also creates an SSO logout URL.
```python
#!/usr/bin/env python3
import time
import hmac
import hashlib
import base64
import urllib.parse

# TODO: Move these config options to configuration file
SSO_DOMAIN = 'cmc.nicmanlab.com'
SSO_PORT = 8443
SSO_KEY = 'aa2gh3t7rx6d'

# TODO: Dynamically choose user/group based on the user
# and group you want to login using.
SSO_USER = 'sso@group'
SSO_GROUP = 'ssogroup'

# Do Not Change
SSO_PROTO = 'https://'
SSO_PATH = 'Vault/ssosecurelogin.htm'
SSO_LOGOUT_PATH = 'Vault/ssologout.htm'


def sso_sig(user, group, timestamp):
    # query string with no urlencoding for signature
    signme = 'user=%s&group=%s&timestamp=%s' % (user, group, timestamp)
    # hmac requires bytes for both the key and the message in Python 3
    hmacsha1 = hmac.new(SSO_KEY.encode('utf-8'), signme.encode('utf-8'),
                        hashlib.sha1).digest()
    return base64.b64encode(hmacsha1).decode('ascii')


def sso_url(user, group):
    # timestamp in milliseconds since the epoch
    timestamp = int(time.time() * 1000)
    signature = sso_sig(user, group, timestamp)
    params = {'user': user, 'group': group,
              'timestamp': timestamp, 'signature': signature}
    # urlencode percent-encodes the base64 '+', '/' and '=' characters
    query = urllib.parse.urlencode(params)
    url = '%s%s:%d/%s?%s' % (SSO_PROTO, SSO_DOMAIN, SSO_PORT, SSO_PATH, query)
    return url


def sso_logout_url():
    url = '%s%s:%d/%s' % (SSO_PROTO, SSO_DOMAIN, SSO_PORT, SSO_LOGOUT_PATH)
    return url


print('login: ' + sso_url(SSO_USER, SSO_GROUP))
print('\nlogout: ' + sso_logout_url())
```
The sample script hard-codes the SSO secret key, which is not advisable in production. In practice, you should keep the secret key safely on the server side.
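The following is an added example, not part of the original documentation or the vendor's code: it reads the key from the environment instead of the source file and includes a self-check you can run in your own tests to confirm a login URL is signed the way the sample signs it. The variable name `VAULT_SSO_KEY`, the function names, and the five-minute freshness window are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import time
from urllib.parse import parse_qs, urlsplit

KEY_ENV = 'VAULT_SSO_KEY'      # hypothetical environment variable name
MAX_SKEW_MS = 5 * 60 * 1000    # assumed freshness window, not a documented value


def load_key(environ=os.environ):
    """Read the shared secret from the environment instead of the source file."""
    key = environ.get(KEY_ENV)
    if not key:
        raise RuntimeError(KEY_ENV + ' is not set')
    return key.encode('utf-8')


def sign(key, user, group, timestamp):
    """HMAC-SHA1 over the unencoded query string, base64-encoded, as in the sample."""
    msg = 'user=%s&group=%s&timestamp=%s' % (user, group, timestamp)
    digest = hmac.new(key, msg.encode('utf-8'), hashlib.sha1).digest()
    return base64.b64encode(digest).decode('ascii')


def check_login_url(url, key, now_ms=None):
    """Return (ok, reason) for a login URL before it is handed to a browser."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    fields = {}
    for name in ('user', 'group', 'timestamp', 'signature'):
        values = query.get(name, [])
        if len(values) != 1:               # missing or repeated parameter
            return False, 'expected exactly one %s' % name
        fields[name] = values[0]
    expected = sign(key, fields['user'], fields['group'], fields['timestamp'])
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected.encode(), fields['signature'].encode()):
        return False, 'bad signature'
    try:
        age = abs((now_ms if now_ms is not None else int(time.time() * 1000))
                  - int(fields['timestamp']))
    except ValueError:
        return False, 'timestamp is not an integer'
    if age > MAX_SKEW_MS:
        return False, 'stale timestamp'
    return True, 'ok'
```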
Confidentiality Notice
The information contained in this document is confidential to, and is the intellectual property of, Nicman Group. Neither this document nor any information contained herein may be (1) used in any manner other than to support the use of Vault software in accordance with a valid license obtained from Nicman Group or (2) reproduced, disclosed or otherwise provided to others under any circumstances, without the prior written permission of Nicman Group. Without limiting the foregoing, use of any information contained in this document in connection with the development of a product or service that may be competitive with Vault software is strictly prohibited. Any permitted reproduction of this document or any portion hereof must be accompanied by this legend.